Job description

Do you want to be part of a fast-growing company in the leading field of compliance and cybersecurity? We are looking for the top people to help us be the best.

The core mission of the Security and Compliance Engineer is to analyze and evaluate current security deployment against NIST 800-171 and CMMC ML1 and ML2 for Office 365 commercial and Office 365 GCC-High/Azure government settings. As part of this role, you will be conducting NIST 800-171 scoring, Gap Analysis against CMMC ML1 and ML2 using our Compliance management tools. You will continuously evaluate, review the technical deployment of KAMIND security solutions in Azure Commercial/Office 365 and Azure Government/GCC High, assist clients developing necessary procedures and processes using Microsoft 365 Security suites, and assist the different service teams as needed. A deep understanding of Microsoft licensing and technical implementation of Microsoft security services in Azure, Office 365 and AOS-G (Government licensing) is required. You will work with our Project Manager and our other service team members and out clients in your day-to-day activity and recording all information in our Compliance management tool.

Activities include maintaining a secure Azure, Office 365 and on-premise environment for our client base using Microsoft and 3rd party security solutions, assist in the development of new KAMIND security and compliance related product offerings and technologies, improvements to KAMIND security and compliance processes, design and implementation of automation pertaining to the deployment of security solutions, as well as any related documentation, KB’s and client-facing collateral. This is a full-time job reporting to the Technical Operations Manager.

Responsibilities and Duties

Maintain a relevant technical understanding of the national standards FedRAMP, NIST, CMMC, Microsoft security stack, participating in CMMC assessment team as needed, and continuous evaluation of deployed deployed security solutions to develop the necessary processes for documentation of proof of execution. In addition, this role includes the following.

• Educate partner teams on compliance programs, workflows, and processes including upcoming changes

• Perform risk assessment and control gap analysis against policies and standards such as CMMC, FedRAMP, and NIST

• Generate and evaluate compliance/security reports as needed to meet KAMIND security objectives.
• Create, organize, and articulate summarized risk findings that are clear and actionable by partner teams

• Work closely with partner teams to deliver policy and compliance requirements in ways that are cost effective, align with business objectives, and comply with security standards

• Design, develop, and implement automation for continuous control monitoring, administrative tasks, and metric reporting for all security compliance programs

• Monitor environments and submit remediation actions to verify the effectiveness of security controls and identify areas for improvement
• Maintain knowledge of KAMIND’s products, environment, systems, and architecture

• Maintain knowledge of industry trends and security landscape to drive roadmap and continuous program evolution

• Create and maintain solutions to automate the discovery and remediation of non-compliant resources

• Support internal and external auditors or advisors as needed

• Manage our compliance management tool to ensure that data is synced and proof of execution documents are continuously generated.

• Stay current on industry trends, attack and response techniques, with both security and compliance tools

• Validate, maintain, and perform auditing of our security client customer base

• Make suggestions and maintain industry related compliance for our client base that require compliance needs

• Project and design documentation as well as KBs and client facing documentation/collateral

• Support Tier 1 analysis in performing day to day operations on Compliance related activities

• Writing of technical BLOG postings related to security

• Customer interaction and meetings to determine needs and requirements

• Travel to customer locations as necessary

• Acquire and maintain necessary and relevant Microsoft certifications

Qualifications and Skills

This position requires in-depth knowledge of information technology security standards and best practices. The ideal candidate will have previous hands-on IT security experience, participated in assessment programs with a C3PAO, deploying security related tools and infrastructure, monitoring of adherence of security deployment that conforms to NIST 800-171 and DEFARS 254.202-7012. Applicants should be comfortable talking about all aspects of IT related security. In addition, this role requires a high level of customer contact and collaboration, design, implementation, and involvement in project planning.

Documentation for projects including design, asset inventory, deployment strategy, diagrams, and presentation to customers is required. All aspects of the environment and deployment must also be documented for support and future implementations.

Must have 2+ years of experience related to IT security. Relevant certifications including Microsoft security certifications (AZ-500, AZ-101, MS-101, MS-500) and CMMC RP and a CCP candidate are a big plus. Experience in an MSP or other IT company is highly desirable. Annual background checks are performed due to the security requirements of our work.

Due to Federal ITAR requirements, KAMIND IT is required to restrict our hiring to persons who are US Citizens, lawful permanent residents, or green card holders. KAMIND IT provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. You will NEED to bring your Driver's License and Birth Certificate or Passport along with the completed Employment Application with you if called for an interview.

Job Type: Full-time

Pay: $54,000.00 - $120,000.00 per year

Benefits:

• 401(k)
• Dental insurance
• Flexible schedule
• Flexible spending account
• Health insurance
• Paid time off
• Professional development assistance
• Referral program
• Vision insurance

Compensation package:

• Bonus pay

Schedule:

• Monday to Friday

Ability to commute/relocate:

• Lake Oswego, OR 97035: Reliably commute or planning to relocate before starting work (Required)

Experience:

• Microsoft 365: 2 years (Required)
• Azure: 1 year (Preferred)
• NIST 800-171: 2 years (Required)
• Cybersecurity: 2 years (Required)

Language:

• English (Required)

License/Certification:

• Microsoft Certification for AZ 900 (Required)

Security clearance:

• Secret (Preferred)

Work Location: In person

gatheringourvoice.org is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, gatheringourvoice.org provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, gatheringourvoice.org is the ideal place to find your next job.